Government units, top IT firm among cyber-espionage targets: Symantec

Symatec said the attacks occurred in several different countries, but its investigation revealed that the primary targets were individuals and organisations primarily located in India.PTI | May 18, 2016, 09:28 IST

Two government organisations, one of the largest financial institutions and a top IT firm have been among the targets of an advanced cyber espionage group conducting long-term espionage campaigns against high-profile targets in India, according to cyber-security firm Symantec.

The security firm has identified a number of attacks over a two-year period, beginning in April 2014, by this group named 'Suckfly'.

While Symantec didn't name the victims, it said these include "one of India's largest financial organisations; a large e-commerce company and the e-commerce company's primary shipping vendor; one of India's top five IT firms; a US healthcare provider's Indian business unit; and two government organisations".

In a blog, Symatec said the attacks occurred in several different countries, but its investigation revealed that the primary targets were individuals and organisations primarily located in India.

Indian targets show a greater amount of post-infection activity than targets in the other regions, it added.

"This suggests that these attacks were part of a planned operation against specific targets in India... Suckfly spent more time attacking the government networks compared to all but one of the commercial targets," it added.

Symantec said one of the Indian government organisation is "linked to departments of India's central government and is responsible for implementing network software for different ministries and departments".

The high infection rate for this target is likely because of the organisation's access, technology, and information that it has on other Indian government organisations, it said.

"Suckfly's attacks on government organisations that provide information technology services to other government branches is not limited to India. They have conducted attacks on similar organisations in Saudi Arabia, likely because of the access that those organisations have," it said.

Symantec said all of these targets are large corporations that play a major role in India's economy.

"By targeting all of these organisations together, Suckfly could have had a much larger impact on India and its economy. While we don't know the motivations behind the attacks, the targeted commercial organisations, along with the targeted government organisations may point in this direction," it added.

Suckfly allegedly has the resources to develop malware, purchase infrastructure, and conduct targeted attacks for years while staying off the radar of security organizations.

During this time, they were able to steal digital certificates from South Korean firms and launch attacks against Indian and Saudi Arabian government organisations.

"There is no evidence that Suckfly gained any benefits from attacking the government organizations, but someone else may have benefited from these attacks. The nature of the Suckfly attacks suggests that it is unlikely that the threat group orchestrated these attacks on their own," it added.

Symantec said Suckfly is expected to continue to target organisations in India, and similar organisations in other countries to provide economic insight to the organisation behind Suckfly's operations.